Normal view
-
/r/netsec - Information Security News & Discussion
- ASUS bsitf.sys (CVE-2026-13585): Arbitrary Physical Memory Mapping via Unvalidated IOCTL
-
/r/netsec - Information Security News & Discussion
- HN Security - My Semgrep C/C++ ruleset is ready for prime time again
-
/r/netsec - Information Security News & Discussion
- The Memory Heist - How I tricked Claude into leaking your deepest, darkest secrets
-
/r/netsec - Information Security News & Discussion
- (More) Unauthenticated Arbitrary Code Execution in ServiceNow
(More) Unauthenticated Arbitrary Code Execution in ServiceNow
-
/r/netsec - Information Security News & Discussion
- Source-reviewing 200+ self-hosted multi-tenant AI/SaaS apps for tenant isolation: 78 leaked across tenants (the "un-retrofitted read sibling")
-
/r/netsec - Information Security News & Discussion
- How an Infostealer Infection Led to a Sophisticated ClickFix Campaign at Artlist
-
/r/netsec - Information Security News & Discussion
- Smashing the ServiceNow Sandbox β Pre Authentication RCE
Smashing the ServiceNow Sandbox β Pre Authentication RCE
When LLMs do more than they have to
I wanted to build an HTML file with Claude. And it started a Node server to open it. And there was a Directory Traversal as well there. Always review what agents / LLMs do
[link] [comments]
Writing an Evasive .NET Shellcode Loader
-
/r/netsec - Information Security News & Discussion
- Enhancing IIoT Security Using Digital Twins in Industry
Enhancing IIoT Security Using Digital Twins in Industry
The AI research centre at Torrens University Australia has helped produce a review of 110 studies on digital twins and IIoT security.
What were the main takeaways? They have found that DTs are shifting away from passive monitoring to being a part of the defence architecture.
One of the biggest weak points they found was in legacy sensors with low bandwidth. In these situations, there is a lag before the digital twin reflects a real-world change, and that lag is where attacks tend to slip in.
Would be interested to hear your thoughts! Has anyone here dealt with that sync-gap problem on older hardware?
[link] [comments]
-
/r/netsec - Information Security News & Discussion
- AXON Body camera 3 of 4 hardware reverse cracking output videoοΌ
AXON Body camera 3 of 4 hardware reverse cracking output videoοΌ
Recently, I saw someone selling a well-known second-hand market in China. Except for some functions that need to be connected to networking, the 4th generation is used normally. However, because AXON is not in the Chinese market, most of them purchase the activated version from eBay and then reverse. Will such a problem lead to the body camera video of some American enterprises and some unpublished videos of the police will be leaked. Then he sells these body3 and 4th generations at prices ranging from 1,000 dollars and about 1,500 US dollars respectively, and gives a unique software to read and delete it. The question is whether it is feasible or not, but it is not fake to see the real shot.
[link] [comments]
-
/r/netsec - Information Security News & Discussion
- ExporTheft: 11 "AI Chat Exporter" Chrome extensions upload full chat content on PDF export, while the store listing says "No uploads to external servers"
ExporTheft: 11 "AI Chat Exporter" Chrome extensions upload full chat content on PDF export, while the store listing says "No uploads to external servers"
Family of 11 same-codebase extensions (ChatGPT/Claude/Gemini/etc), ~5.5k users on the main one. Sold as local-only: the store listing says "No uploads to external servers," "Everything processed locally," "No tracking or telemetry."
Observed in the tested version:
- PDF export POSTs the full conversation to the developer's Cloud Run backend. A local renderer is bundled but only runs as a fallback.
- Markdown/Text/JSON exports beacon title + source URL to /api/usage. The title is derived from your first message, so it can contain chat content.
- Every request carries an X-Client-ID in chrome.storage.sync, so it follows you across machines.
Detection + full writeup: https://malext.io/reports/ExporTheft/
[link] [comments]
-
/r/netsec - Information Security News & Discussion
- Context Bombs: Using AI Guardrails as a defensive mechanism
Context Bombs: Using AI Guardrails as a defensive mechanism
-
/r/netsec - Information Security News & Discussion
- CET-Compliant Callstack Spoofing via Thread Pool & Enum Callback Trampolining (Rust PoC)
CET-Compliant Callstack Spoofing via Thread Pool & Enum Callback Trampolining (Rust PoC)
I wrote this after spending an unreasonable amount of time making CET-compliant callstack spoofing work end-to-end on hardware with Intel CET enabled.
The technique combines three primitives: thread pool execution for a clean stack base, enum callback trampolining for a real signed mid-stack frame, and indirect syscalls.
The actual contribution is the CET compliance mechanism: a jmp-based context switch combined with direct shadow stack pointer reconciliation via RDSSPQ/INCSSPQ, without touching unwind metadata. Different approach from BYOUD.
Implemented in Rust with inline assembly.
[link] [comments]
-
/r/netsec - Information Security News & Discussion
- Dell BIOS Passwords: Weak XOR Encryption Allows Recovery from SPI Flash (CVE-2026-40639)
-
/r/netsec - Information Security News & Discussion
- Persistence via Fake AMSI Provider | Playbook & Detection Strategies
Persistence via Fake AMSI Provider | Playbook & Detection Strategies
-
/r/netsec - Information Security News & Discussion
- Vulnerability in Realtek driver allows DMA controller abuse from user mode with no additional hardware or driver
Vulnerability in Realtek driver allows DMA controller abuse from user mode with no additional hardware or driver
The vulnerability allows non-privileged users to program the DMA controller, enabling arbitrary physical memory reads and writes.
[link] [comments]
-
/r/netsec - Information Security News & Discussion
- Scanning malicious websites with arbitrary number of VPN tunnels (Part 2)
Scanning malicious websites with arbitrary number of VPN tunnels (Part 2)
-
/r/netsec - Information Security News & Discussion
- Inside Raton RAT: A Commodity Trojan That Tries to Do Everything
Inside Raton RAT: A Commodity Trojan That Tries to Do Everything
-
/r/netsec - Information Security News & Discussion
- Closing the Timing Gap: Defensive Temporal Observability
Closing the Timing Gap: Defensive Temporal Observability
Lately Iβve been thinking about time.
Uptime, pulse checks, execution time, response time. Weβve always treated these as health metrics. They tell us whether a system is alive, responsive, and performing as expected. But what if theyβre also security metrics?
That idea isnβt entirely new. At the network layer, covert timing channels, beaconing detection, and behavioral baselining have shown us for decades that the intervals between events matter. Attackers have long understood that rhythm carries information. More recently, researchers have demonstrated timing side-channel attacks against LLMs, using cache latency to infer private prompts and token cadence to fingerprint model outputs.
What I find interesting is the imbalance. Most of the research asks, βHow can timing be exploited?β Very little asks, βHow can timing help us defend?β
A 2026 systematic survey of LLM-agent security identifies temporal anomaly detection infrastructure as an open research gap, noting that current agent deployment frameworks donβt even support the behavioral baselines such an approach would require. Even then, the discussion largely focuses on session-level behavior. The rhythm within a single execution, the space between observable events, remains largely unexplored.
Maybe time isnβt just metadata, maybe itβs another dimension of observability that weβve been overlooking.
Time tells you duration and speed. But read carefully, it also reveals location, choke points, and absences, the things that didnβt happen when they should have.
Iβve started exploring this in my own observability work, measuring behavioral changes & entropy across inter-arrival intervals and treating rhythm as signal rather than noise to smooth away.
Curious to know who else is working on the defensive side of temporal behavior, especially for agentic systems or any thoughts or opinions on this topic.
Reference: βA Systematic Survey of Security Threats and Defenses in LLM-Based AI Agents: A Layered Attack Surface Framework,β arXiv:2604.23338 (2026). https://arxiv.org/abs/2604.23338
[link] [comments]